d79b69ec7a5c3d84074f7c6762066aa9b65482ccb3fb0b43c233276deaff8095

Analysis

max time kernel
118s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

930d9d5fa1bad2e37e03f8275b961de0N.exe
Size

77KB
MD5

930d9d5fa1bad2e37e03f8275b961de0
SHA1

1d62b1176e17ea34089a5354492ecce20d844784
SHA256

d79b69ec7a5c3d84074f7c6762066aa9b65482ccb3fb0b43c233276deaff8095
SHA512

d7622d8bcd8a28832b2e00b1b970385ab5b146ae03a6c8cc4049f7de0075b91ed6cc982e1bda8075426a5e178c99d16b9340fc76b6b7ac934bb040ee56ba7b87
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggU:69WpQE0zxgU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (593) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\CompareDisconnect.wps.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	930d9d5fa1bad2e37e03f8275b961de0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	930d9d5fa1bad2e37e03f8275b961de0N.exe

C:\Users\Admin\AppData\Local\Temp\930d9d5fa1bad2e37e03f8275b961de0N.exe
"C:\Users\Admin\AppData\Local\Temp\930d9d5fa1bad2e37e03f8275b961de0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
78KB

MD5
f749045b1fa0b00c3be2a0d8bfc37d1f

SHA1
e43ef7876f232709a9e38f8c8c44a28b07bf0b8b

SHA256
f3f53f99c47037bbf9b575bdc903120c27fb1670045b8aa03d65f6ac880e2411

SHA512
f0b2af4c5f874584a36ac00feb562767beb3a8f591d457bcc74b5abdc9f3cfc5f072fc91446028ee4385244e6f706c5d183eac53fa074b229fc3b8f2f54b43a4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
58869898169e88d53be642f0b23b0203

SHA1
1c04fa5685a50b7b7b8e9846ab2ac2100fbc569a

SHA256
fc16c64ad2320cd2b305545a272f65db264864185f66a590941f1ff0ea2e4df6

SHA512
9763491e287215d3eda38428616f157f71f6f7077d2af2ab129e7accccfa57fdc10b1d75453bab04639dc48c06d4bcd634cc0db319605c951849124639a8eb2e

Download Submit